SAP issues update to correct critical ActiveX flaw

SearchSecurity.com Staff

SAP issued an update to correct an ActiveX flaw that plagues its graphical user interface (GUI). The flaw could be exploited by an attacker to gain access to sensitive data.

The SAP interface is used in the software vendor's enterprise resource planning applications.

The flaw was discovered by Carsten Eiram, a researcher with Danish vulnerability clearinghouse Secunia. In the Secunia advisory, Eiram said an error in the TabOne ActiveX control could be remotely exploited to cause a heap-based buffer overflow by adding multiple tabs. Secunia gave the flaw a highly critical rating.

"Successful exploitation may allow execution of arbitrary code," Secunia said.

SAP issued an update correcting the flaw. Version 7.10 sets the kill-bit for the ActiveX control.

The Walldorf, Germany-based software vendor has corrected a number of ActiveX flaws in the past. SAP issued an update to its GUI in November, correcting an ActiveX flaw that could crash Internet Explorer if an attacker passed malicious code.

